A framework for DNS based detection and mitigation of malware infections on a network
- Stalmans, Etienne, Irwin, Barry V W
- Authors: Stalmans, Etienne , Irwin, Barry V W
- Date: 2011
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429827 , vital:72642 , 10.1109/ISSA.2011.6027531
- Description: Modern botnet trends have led to the use of IP and domain fast-fluxing to avoid detection and increase resilience. These techniques bypass traditional detection systems such as blacklists and intrusion detection systems. The Domain Name Service (DNS) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities, including botnet activity. For this reason DNS forms the ideal candidate for monitoring, detecting and mitigating botnet activity. In this paper a system placed at the network edge is developed with the capability to detect fast-flux domains using DNS queries. Multiple domain features were examined to determine which would be most effective in the classification of domains. This is achieved using a C5.0 decision tree classifier and Bayesian statistics, with positive samples being labeled as potentially malicious and negative samples as legitimate domains. The system detects malicious domain names with a high degree of accuracy, minimising the need for blacklists. Statistical methods, namely Naive Bayesian, Bayesian, Total Variation distance and Probability distribution are applied to detect malicious domain names. The detection techniques are tested against sample traffic and it is shown that malicious traffic can be detected with low false positive rates.
- Full Text:
- Date Issued: 2011
African Languages And ICT Education
- Dalvit, Lorenzo, Murray, Sarah, Terzoli, Alfredo
- Authors: Dalvit, Lorenzo , Murray, Sarah , Terzoli, Alfredo
- Date: 2011
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/431166 , vital:72750 , https://www.scitepress.org/Papers/2011/33507/33507.pdf
- Description: In South Africa, English plays a dominant role compared to African languages in empowering domain. Better access to Education through the use of African languages is an object of heated debate. This paper shows that an intervention involving the use of an African language in the domain of ICT Education can change the attitudes of Black university students. The methodology used included a survey with preliminary and follow-up questionnaires and interviews and an intervention involving the use of localised software and of an on-line glossary of computer terms translated, explained and exemplified in an African language (isiXhosa). This experience increased the support for the use of African languages as additional LoLT, even in the English-dominated field of study of Computer Science. This is an initial step towards promoting linguistic equality between English and African languages and social equality between their speakers.
- Full Text:
- Date Issued: 2011